Look for errors caused by inputting a string instead of a number, "" or "/" instead of a string, or a very long string and a very large number. All these malformed parameters can help us find the place to inject an XSS script.

Tag Closer

The "Tag Closer" method works by inputting non-alphabetic and non-numeric chars
inside a form's input text boxes. These chars could be: ,/,~,!,#,$,%,^,&,-,[,],null(char 255),.(dot)
But the chars that mostly do the job are either " or '. What we do is just insert "> or '> inside
a text box instead of our name/email/username/password, etc.

The best protection against it is filtering and removing any non-alphabetic and non-numeric chars from received input,
and testing to make sure that the filtering system works!

"To make XSS and SQL Injections Leet you must apply Social Engineering"

This article was kind of messy, I'll try to clean it up a bit. Pulse, it seems you do not understand BBcode, or do not know we have it, but please use it. Your content is great, but the formatting is not.

But you are still going on with giving 1's. This is, according to you, because the articles are of low quality.

I however believe otherwise. Most of the articles are of reasonable quality, and are worth a 7, or at least a 6. I believe you just seem to think it's funny to give people a 1, or you want 'revenge' for some reason. Maybe because your articles have never been accepted? I don't even know if you tried to make an article.

Maybe it would be a good idea to make an article yourself, so you know how hard that is. If you do so, then I will give you a 1. So you know how it feels.

I also think it would be a good idea to take your voting powers from you. Unfortunately, I am not the person to make this decision.

Why does every other site have the ability to weed out crazy votes using a system, but a site created by hackers can't figure one out?
A one means it sucks. No need for an explanation. And why 7? Shouldn't 5 be middle. Now every article will end up great! Bad system. I think the ones help counter the 10's given for no reason.

What is iVote? Who cares what others voted. And isn't the internet about anonymity and privacy? Why should anyone be allowed to see everyone else's votes,
especially when many already tell you what they voted?

Not to mention it makes it hard to look at when trying to read any of the comments. Whose brainchild was this idea?

@BiLLo "would a good way to stop xss on a chatbox be to filter </script> ?"

No. In case of an XSS <script> attack, the result would be an open-ended script, therefore destroying everything on the site after the attacker's <script> tag.

A more efficient way is to convert <'s to &lt;'s that are not processed by the browser. You'll have to convert all the formats of "<" of course.
Check out some XSS references on the web for the set of characters that should be filtered.

However, converting < to &lt; will prevent the user from adding any HTML tags to the source code, this way raising difficulties to engage XSS.
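The article's character filter and the entity conversion suggested in the reply above, compared on the same reflected form field. This is an added example, not code from the article or its comments; the field name, sample inputs and function names are constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs (not from the article): the '">' probe followed by
# a harmless tag, and an ordinary e-mail address.
PROBE = '"><b>probe</b>'
EMAIL = "a.user@example.org"

def render_unsafe(value):
    """Reflect input into an attribute value with no filtering or encoding."""
    return '<input type="text" name="user" value="' + value + '">'

def strip_non_alnum(value):
    """The article's filter: remove every non-alphabetic, non-numeric char."""
    return re.sub(r"[^A-Za-z0-9]", "", value)

def render_filtered(value):
    return render_unsafe(strip_non_alnum(value))

def render_encoded(value):
    """Output encoding: &, <, >, " and ' become entities shown as text."""
    return render_unsafe(html.escape(value, quote=True))

class _Collector(HTMLParser):
    """Records the tags a parser sees and the value of each <input>."""
    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.values.append(dict(attrs).get("value"))

def parsed(markup):
    """Return (tags, input values) as an HTML parser interprets the markup."""
    c = _Collector()
    c.feed(markup)
    c.close()
    return c.tags, c.values

if __name__ == "__main__":
    for render in (render_unsafe, render_filtered, render_encoded):
        for sample in (PROBE, EMAIL):
            print(render.__name__, repr(sample), parsed(render(sample)))
```

Both defences keep the probe inside the `value` attribute, but the character filter also rewrites the e-mail address, while encoding at output time returns every input to the user unchanged.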

HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.